Why Ransomware Can Make You Want To Cry

At this very moment, someone is clicking a link in a spam email or activating macros in a malicious document. In a few seconds, all their data will be encrypted and they’ll have just a few days to pay hundreds of dollars to get it back. It’s Ransomware!

My mother received the ransom note on the Tuesday before Thanksgiving. It popped up on her computer screen soon after she’d discovered that all of her files had been locked. “Your files are encrypted,” it announced. “To get the key to decrypt files you have to pay 500 USD.” If my mother failed to pay within a week, the price would go up to $1,000. After that, her decryption key would be destroyed and any chance of accessing the 5,726 files on her PC — all of her data — would be lost forever.

Sincerely, CryptoWall.

So, what is Ransomware?

Ransomware is a complicated kind of malware that blocks the user’s access to their own files, and the only way to get the files back is to pay a ransom. WannaCry used a vulnerability in Windows OS that was first discovered by the NSA and then publicly revealed to the world by the Shadow Brokers. In the first few hours, 200,000 machines were infected. Big organizations such as Renault or the NHS were struck and crippled by the attack.

Ransomware has been a growing trend for the past two years, and this is just a culmination, a grand reveal to the wider world of just how big of a threat it is. But we’ve been writing about this for a while now.

Why do they target businesses?

Simply because that’s where the money is! Attackers know well that an infection can cause major business disruption, especially since it can affect servers too, which increases their chances of getting paid.

This chart by Statista sums up key numbers in relation to the WannaCry cyber attack.

How did it spread?

Spam email campaigns that contain malicious links or attachments

Security exploits in vulnerable software

Internet traffic redirects to malicious websites

Legitimate websites that have malicious code injected in their web pages

Drive-by downloads

Malvertising campaigns

SMS messages (when targeting mobile devices)

Botnets

Self-propagation (spreading from one infected computer to another)

Affiliate schemes in ransomware-as-a-service (basically, the developer behind the ransomware earns a cut of the profits each time a user pays the ransom)

Is it over yet?

Unfortunately NO! These attacks become more advanced by the day, as cyber criminals learn from their mistakes and tweak their malicious code to be stronger, more intrusive and better suited to evade cyber security solutions.

The WannaCry attack is a perfect example of this since it used a widespread Windows vulnerability to infect a computer with basically no user interaction.

Promise yourself to do these things:

On your PC:

Have a backup for important files

Don’t keep the Dropbox/Google Drive/OneDrive/etc. application turned on by default on your computer. Sync your data, then close the application once done

Use an up-to-date operating system and software, including security updates
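
The backup advice above only helps if the backup is not itself overwritten with files that are already encrypted. The following Python is an added example, not part of the original article: it keeps numbered snapshots and refuses to take a new one when most files changed since the last snapshot. The function names, the `snapshot-NNNN` layout and the 50% threshold are assumptions, and the sample files are constructed.

```python
from __future__ import annotations
import hashlib, os, shutil, tempfile
from pathlib import Path

def manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def safe_backup(source: Path, backup_root: Path, max_changed: float = 0.5) -> Path | None:
    """Copy source into a new numbered snapshot, or return None if refused.

    The run is refused when more than max_changed (assumed threshold) of the
    files in the latest snapshot are now modified, renamed or missing, which
    is what a mass-encryption event looks like from the backup's side.
    """
    backup_root.mkdir(parents=True, exist_ok=True)
    snapshots = sorted(p for p in backup_root.iterdir() if p.is_dir())
    if snapshots:
        previous, current = manifest(snapshots[-1]), manifest(source)
        changed = sum(1 for name, digest in previous.items()
                      if current.get(name) != digest)
        if previous and changed / len(previous) > max_changed:
            return None  # older snapshots stay untouched for a human to review
    target = backup_root / f"snapshot-{len(snapshots):04d}"
    shutil.copytree(source, target)
    return target

def demo() -> tuple[bool, bool, int]:
    """Constructed scenario: two normal backups, then every file is altered."""
    with tempfile.TemporaryDirectory() as tmp:
        docs, backups = Path(tmp, "docs"), Path(tmp, "backups")
        docs.mkdir()
        for i in range(10):
            (docs / f"file{i}.txt").write_text(f"report {i}\n")
        first = safe_backup(docs, backups)
        (docs / "file0.txt").write_text("edited\n")   # ordinary edit, 1 of 10
        second = safe_backup(docs, backups)
        for p in list(docs.iterdir()):                # stand-in for encrypted content
            p.write_bytes(os.urandom(64))
        third = safe_backup(docs, backups)
        accepted = first is not None and second is not None
        return accepted, third is None, len(list(backups.iterdir()))

if __name__ == "__main__":
    print(demo())
```

A refused run leaves every earlier snapshot in place, and those are the copies you restore from.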